This page lists publicly disclosed CVE vulnerabilities affecting gnu gnutls (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-0294 | GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | [email protected] | 7.5 | 1.59% | 2020-01-27 | 2026-06-16 |
| CVE-2015-8313 | GnuTLS incorrectly validates the first byte of padding in CBC modes | [email protected] | 5.9 | 1.69% | 2019-12-20 | 2026-06-16 |
| CVE-2019-3836 | It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. | [email protected] | 5.9 | 3.40% | 2019-04-01 | 2026-06-16 |
| CVE-2019-3829 | A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. | [email protected] | 5.3 | 58.97% | 2019-03-27 | 2026-06-16 |
| CVE-2018-16868 | A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. | [email protected] | 5.6 | 0.57% | 2018-12-03 | 2026-06-16 |
| CVE-2018-10846 | A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. | [email protected] | 5.6 | 0.39% | 2018-08-22 | 2026-06-16 |
| CVE-2018-10845 | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. | [email protected] | 5.9 | 3.62% | 2018-08-22 | 2026-06-16 |
| CVE-2018-10844 | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. | [email protected] | 5.9 | 3.62% | 2018-08-22 | 2026-06-16 |
| CVE-2016-4456 | The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. | [email protected] | 7.5 | 2.20% | 2017-08-08 | 2026-06-16 |
| CVE-2017-7507 | GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. | [email protected] | 7.5 | 3.41% | 2017-06-16 | 2026-06-16 |
| CVE-2017-7869 | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. | [email protected] | 7.5 | 2.84% | 2017-04-14 | 2026-06-16 |
| CVE-2017-5337 | Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. | [email protected] | 9.8 | 6.23% | 2017-03-24 | 2026-06-16 |
| CVE-2017-5336 | Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. | [email protected] | 9.8 | 7.13% | 2017-03-24 | 2026-06-16 |
| CVE-2017-5335 | The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | [email protected] | 7.5 | 8.08% | 2017-03-24 | 2026-06-16 |
| CVE-2017-5334 | Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. | [email protected] | 9.8 | 32.75% | 2017-03-24 | 2026-06-16 |
| CVE-2016-7444 | The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. | [email protected] | 7.5 | 2.44% | 2016-09-27 | 2026-06-16 |
| CVE-2015-3308 | Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. | [email protected] | 7.5 | 3.92% | 2015-09-02 | 2026-06-16 |
| CVE-2015-6251 | Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. | [email protected] | 5.0 | 19.03% | 2015-08-24 | 2026-06-16 |
| CVE-2014-8155 | GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. | [email protected] | 4.3 | 1.05% | 2015-08-14 | 2026-06-16 |
| CVE-2015-0282 | GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | [email protected] | 5.0 | 1.41% | 2015-03-24 | 2026-06-16 |